Slashdot Mirror
Windows XP SP2 Could Break Some Applications
Denver_80203 writes "An article from InfoWorld states that the upcoming Windows XP Service Pack 2 could break some 'unsecure applications.' In a quote from Tony Goodhew, a product manager in Microsoft's developer group says 'It doesn't really matter how long it is going to take you to do the work; security is an important issue and developers need to start doing that work now.' Or: 'The great bulk of applications will not be affected by memory protection. The number one that leaps to mind is execution environments with just-in-time code generation. The .Net Framework is one.' Fortunately for us, they are offering a course to guide the unsecure masses."
"the upcoming Windows XP Service Pack 2 could break some 'unsecure applications.'"
That's just about every application in Windows XP
Setec Astronomy
another reason for the company I work for to NOT migrate from Windows 2000.
Thank you Microsoft!
Do not look at laser with remaining good eye.
Is this supposed to mean that Java will stop working?
--t
I have been waiting for this for a long time, glad to see it included in sp2.
Open Office, Mozilla, Java based applications, Apache with PHP, and other applications written by a bunch of programmers without a management control :)
From the article @ Windows XP SP2 could break existing application
according to Tony Goodhew, a product manager in Microsoft's developer group:
"SP2 will break some applications because they are insecure," he said. "Security is important, and it is not just a Microsoft problem but a developer community problem. We all need to work together to create a more secure computing environment."
"It doesn't really matter how long it is going to take you to do the work; security is an important issue, and developers need to start doing that work now," Goodhew said.
Consensus is good, but informed dictatorship is better
"the upcoming Windows XP Service Pack 2 could break some 'unsecure applications.'" I thought service packs were supposed to FIX the operating system.
Sounds like an issue with NX bit implementation on A64 ... this protects memory that is tagged as data from being executed (which protects against buffer overrun exploits, which are 50% of the MS security issues). This would affect .NET, Java, etc. However I'm sure that there is a way to fix this for these types of application!
Regardless, enforcing decent security like this is good.
Now all the hackers will have to try other methods of hacking windows, heh. I'm sure that there is no shortage of them!
Microsoft has a nice bit of info for developers. All in all, I'm pretty impressed with the work and thought they've put into this SP--should make the world just a little bit safer for computing (of course, only for the folk running XP, the rest of their offerings don't have any of this as far as I know).
Without doubt, countless QA software testers & coders will cry out in anguish over this.....more work for them to do. But if they want to sell their software on the large Windows desktop market....They have little choice in the matter.
For each software build, we have to test against the various OS versions, and different service packs builds. Not fun...
I really like the direction Microsoft is heading.
Granted it was needed as their reputation, in regards of security, has always been low to none.
I really hope this will rid Windows XP of future remote exploits, since that's still the biggest threat Windows is facing.
Having said that, this wont fix all security problems, there will always be the luser that executes whatever is mailed to him/her, but it's still a step in the right direction.
Fortunately for us, they are offering a course to guide the unsecure masses.
The blind leading the seeing?
c++;
Obviously never had to use MFC then eh? .NET provides a nice clean set of APIs that aren't retarted.
QuickTime
RealPlayer
Fuck, where do I sign?
I read an article about this yesterday and wanted to test it against some apps where I work, but could not find the download for it on the Microsoft website. Do you have to have an MSDN subscription to get it. Seems rather rather screwy that if I want to make sure my app works with Microsofts OS I pay to them an extra $500 for the privilege. Maybe this is the new money making model. Profits are down this quarter, lets go break some code and charge them for how to fix it.
...when one realises that most of this effort is fruit of a tiny 5kb worm which actually had asked mr gates to repair his software... I'm still working on my sig
but with linux there is at least two big differences:
you are not fixed to xandros, i use debian and can (and atleast did) boot 2.2 2.4 2.5 and 2.6 series kernels, so just switch your distro to one that fits your needs better.
also check when the last security stuff for the windows 95 generation (95,98,me) and older nt's (4 and downwards) was released. on the other hand even the 2.0 kernel is still maintained and updated.
-- Karma: beyond good and evil - mostly affected by posting political
First, they decided to postpone Longhorn "Until it's done", rather than releasing a shoddy product early.
Second, they've gone so far as to break application compatibility in order to clean up a number of deeply embedded security holes in Windows.
Personally, I think this is a Very Good Thing(tm). Microsoft may finally be "Getting it"
' In a quote from Tony Goodhew, a product manager in Microsoft's developer group says 'It doesn't really matter how long it is going to take you to do the work; security is an important issue and developers need to start doing that work now.' Let's see how this works.., We have a broken security model so the onus is on you to fix your apps because of our piss poor planning (ease of use vs security/functionality) Hmmm...,
In the past, MS has broken Windows 95/98 applications, but Windows XP/2000 had compatibility modes available for the older applications. If it is as they say, and newer apps will be intentionally broken without any way of going into a compatibility mode, this will be bad.
I have difficulty believing MS would not include some kind of compatibility mode, however. It'll be interesting to see what they do. It won't really affect me though, I don't use XP and can't stand that OS (Windows 2000 is still my favorite Microsoft OS; Windows XP is just 2000 with some pretty GUI changes and some compatibility fixes.)
QA software testers & coders will cry out in anguish over this.....more work for them to do
I don't think the will "cry out in anguish" if they've got any sense. In today's market they'll jump for joy, knowing that their jobs are safe for another few months.
...IE will continue to be broken then :-)
Actually, I'm very interested to see if the SP2 pop-up ad blocker will actually work in IE since MS has dragged their feet on this issue. Half the battles we have been fighting lately at work involve IE and pop-ups that install crap without any notification.
"Klaatu, verada, necktie!" -Ash
Upgrading to 2.6 was not a forced security upgrade, but simply an option. Patching security with linux is a quick patch and restarting the affected service.
Does this Service Pack allow itemized upgrading? A reboot? Uninstalling broken patches? More than one reboot?
Actually, only the Itanium and AMD K8 are affected by this immediately; Microsoft isn't yet marking memory nonexcutable by default on the good old x86 processors that we all use.
Regardless, it is trivial for developers to update their code for things like JIT compilers, with a simple function like this:
I added that piece of code to my company's JIT compiler some years ago, just to ensure that the proper flags were set. I figured Microsoft would eventually switch to nonexecutable data and stack segments, much like the OpenWall project has done with their Linux patches. Glad to see Microsoft is finally taking the first steps.
It's hard for thee to kick against the pricks.
SP2 is not just another Service Pack. MS are using this as a means to introduce a lot of new stuff. everything from locked-down DCOM settings, to pop-up blockers and a new version of the Windows Installer.
A lot of stuff is going to break, but I think that this is good in a way. MS have finally put security ahead of backward compatibility. Once these changes are in place and apps are working with them, the system is going to be more secure. For once MS should be applauded - yes, you can argue it's a bit late, but at least they're doing it now.
If you want to check out what changes SP2 actually makes, have a read of this white paper:
Changes to Functionality in Service Pack 2 for Microsoft Windows XP
Lengthy, but worth a read, especially if you have apps that you think might be affected.
A downloadable version is available here.
He's not a programmer. This is important. From the end-user perspective, .NET is just a ill-formed buzzword. I do not doubt the idiocy of MFC (although I've never used it), and the improvement that .NET brings (although I've never used it), but as a Windows user, not developer, I can't see the difference or the point in installing the .NET framework.
The previous sig has been removed due to
Microsoft has pandered to broken applications for far too long. Maybe if they finally get over their "backwards compatibility at all costs" attitude, they'll get around to fixing some of the fundamental flaws in their OS.
I highly doubt that Linux authors would think twice about breaking buggy apps to force the issue.
Windows adds NX security to prevent buffer overflows, Slashdot bags on Microsoft for breaking a few apps in the process (apps which were arguably broken in the first place, just the spec was never enforced).
I understand there's a slight bias on this site, but Jesus Christ you guys.
I don't see how Visual Studio .net and .Net Framework users can be considered a small minority. The thing is, Microsoft releasing a service pack that breaks everything is very different from a linux distribution breaking when the use decides to try to compile and install new software completely on their own--Microsoft is the equivalent of the whole open source community of programmers and distributors combined, so a new service pack isn't analagous to a new major release of the Linux kernel, it's more like a new minor release of a Linux distribution. And I'm not sure it's even like that, since a service pack upgrade is supposed to be a lot easier to do then installing a Linux distribution release--so it's more like an distro-released security fix. Which isn't supposed to break everything.
I don't know anything about the specifics, but there are memory-protecting kernel patches out there for linux, like PAX and grsecurity and probably a bunch of others. You have to disable them when running Java and X, so I imagine Java will be effected by this update.
The real problem is that the benefits it (should) bring will not get deployed to the bulk of systems that need it - at 210Mb I can't see the majority of systems out there that really need it getting the whole thing downloaded, at least not within any reasonable time frame. Hopefully by the time it is actually released they will have a lite version on Windows update that can push the security improvements in a much smaller package.
Their decision to at least try to implement some long overdue fundamental improvements to the security of the architecture is to be welcomed no matter how over due it is. However despite that their decision not to add any outgoing filtering capability to the ICF doesn't make any sense to me and seems, well, just stupid really.
Backward compatibility has been a bit of a sacred cow in Windows for too long. Much of Windows' excess complexity and security deficiencies can be directly attributed to compromises made for the sake of compatibility with old applications.
that the memory protection was only usable w/ processors that flagged memory.
I do security
Here's a list of a few applications that has been reported having problems in the latest betas of SP2, compiled from comments at Neowin when they posted these news:
- Zone Alarm 2 (uninstall stops working)
- BS Player (driver fail to load)
- Roxio Easy Media Creator 7
- Microsoft Intellipoint 5.0
- Azureus BitTorrent client
- ATI's Rage3DTweak for Radeon
- Easy CD Creator 5
- eMule
- Tritton NAS-120's Managment Interface
- Leadtek WINFAST TV PVR (driver fail to load)
- ISO Recorder Powertoy
Also, a user reports the Windows XP SP2 firewall blocking incoming FTP traffic even without an installed firewall, and XP's built-in disabled.
Maybe it's "beta diseases", but it does seem like a lot to break for a service pack, even in a beta. These are usually quite stable as they contain mostly bugfixes, not Win32 API changes (which these problems are supposedely caused by).
Beware: In C++, your friends can see your privates!
If this breaks insecure apps like Mozilla/Netscape/Firefox, the logical thing would be that it smashes IE into oblivion.
I couldn't come up with any better sign....
This is a good thing that OSes like Solaris have had available for years. OpenBSD has recently changed their default memory page allocation permissions on architectures where it's possible for a similar effect. Patches exist under Linux to do it. However, I believe in all these cases that you can still REQUEST memory allocations that do NOT have the restriction if you are doing JIT compilation or whatnot.
/' string somewhere in memory).
Microsoft isn't stupid. I'm sure they'll figure out a way to allow old apps to run with the old allocation behavior. Their entire business relies on legacy compatability. At worst you'll need to set some flag on the application launch.
The other thing to note is that crackers have also had ways to defeat execution-protected memory for years as well. It makes a buffer overflow exploit a bit more difficult, but where there is a will there is a way.
For example, even if the protection prevents you from writing executable code directly into memory, you can still typically do things like overwrite the stack and hijack the program's execution to a system call with malicious parameters (in Unix, the classic call to hit is system()...no custom code execution required, just a 'rm -rf
Braddock Gaskill
Sounds like a rather nice way of introducing stability and or compatibility problems to java by not allowing Sun's Hot Spot just in time compiler to work correctly.
Got Code?
You evidently don't understand how Microsoft works as a business. Unlike most software shops, they take the long-term perspective. Many of their competitors have learned this the hard way. (E.g., "Internet Explorer is a failure." As of version 3, it was a failure in terms of market penetration, but MS didn't care.) Full Microsoft product cycles typically take about ten years.
Every major new Microsoft product or technology takes the better part of a decade to take over the desktop. By about 2007-2008 or so, once there starts to be a large installed base of Longhorn machines (which will have .NET preinstalled), .NET will really start to take off for shrinkwrap applications. Five years down the line from there, it will be just about ubiquitous. In the meantime, programmers are learning it and it's becoming a familiar feature of Visual Studio (an excellent IDE).
Microsoft Windows is, fittingly, the official Desktop OS of Olig
I know, I know. Don't feed the troll. You may think .NET is a failure, but there are a lot of companies who do not think so.
And if it was such a failure, why are the programmers in the open source computing community devoting the time and effort to make a linux version (mono, etc.).
And the same applies to java. "Download my free 175 KB java app" that requires a hefty download from sun. And that's just for one language.
However, I will agree that .NET is a really lame name.
~X
~X~
No, it's soooo 2004. Anti-MS/pro-Linux bias was restricted to very small groups of hackers in the 1990's, but it's progressively growing into the collective conscience, as more and more security failures in MS software get more and more people pissed-off.
Dude at 210 megs you're running the beta with all the debug stuff. It's not going to be anywhere close to that big when final release is compiled.
The thing is that in 2-4 years pretty much every one will have the .NET frame work as part of the OS (even MONO on Linux) so they will not have to down load it. Then .NET will become mainstream.
Art is the mathematics of emotion
Think of apple, they were never to worried about backwards compatibility and their os is more stable because of it. All those programs that weren't compatible with osx had to be updated to ensure they'd work with the changed operating system. True, the change was big because they went to a unix varient, but they still had the balls to tell developers to adjust or lose customers.
.NET, this is very smart for them. It makes it easier and cheaper for developers to make consistant apps in current and future versions of windows. If developers rely on ms code to handle the grunt work and they just do the stuff that makes their program, then they have a lot less overhead. And with microsoft grabbing it's balls and betting on security and stability, they can handle the backend bugs with their updates. True, that requires them to actually patch, but if they start with a much more stable and efficient groundwork, you'll see a lot less patches then now.
Now microsoft has always tried to make it easy to run old programs. Think of how long dos lasted so businesses could use their old proprietary programs. This caused a lot of problems with windows crashing. Windows xp was supposed to fix that shit, but now a new slew of shit has come about. Now what they're saying with sp2 is that they recognize their customers want security and stability over backwards compatibility.
The reason they're finally starting to do this is probably to compete with linux since those people most likely had to leave their old familiar apps with new ones. They see that people would rather deal with the adjustment of a new look and feel over constant reboots.
Now while everyone can point fingers and laugh at
Remember guys, microsoft isn't stupid.
As superstitious as this sounds I have found this to be true over the years with Microsoft. Almost without fail the even numbered SP's have broken features and the odd numbered ones fix them. I'll wait for SP3.
Besides, the combination of my Netgear firewall, McAfee Virusscan and just not opening strange attachments in my email protects me just fine.
"Nobody knows the age of the human race, but everybody agrees that it is old enough to know better." - Unknown
In a quote from Tony Goodhew, a product manager in Microsoft's developer group says 'It doesn't really matter how long it is going to take you to do the work; security is an important issue and developers need to start doing that work now.
Not to flame, cause i'm not like that, but c'mon!?!
Pot to Kettle, "Guess who's black?"
Windows .NET Framework applications do not currently mark generated code with Execute permissions. XPSP2 recognizes the current, shipped versions of .NET Framework and runs them with NX off. Therefore existing .NET applications will continue to run. Microsoft is enhancing the .NET Framework to take advantage of NX and will ship service packs for each of the shipped versions in the XP SP2 RTM timeframe. The .NET Framework "Whidbey" will innately support NX.
I'm no Microsoft fan, in fact quite the opposite.
But by and large, these look like common sense changes that will likely cause a great deal less trouble than the move from 2000 to XP did for application vendors.
These folks write and consult and teach about Windows drivers. I've followed their newsletter ever since I had to write an NT kernel driver for some custom I/O hardware, in case I ever needed to do another one (blechh!).
According to their newsletter at www.osronline.com, XP SP2 will include mandatory runtime memory pool overrun checking for all drivers. While this will improve the OS' security, it will ALSO cause mysterious failures on upgraded systems due to poorly-written legacy XP drivers. I make no judgements as to the wisdom of this course, but it's definitely worth knowing about beforehand. Of course, if they'd done this FROM THE START, then there would be no failures from it with the upgrade...
"My strength is as the strength of ten men, for I am wired to the eyeballs on espresso."
The kind of moron who needs an excuse for why his midterm wasn't ready? :^P
One line blog. I hear that they're called Twitters now.
Upgrading to 2.6 was not a forced security upgrade, but simply an option.
Installing XP SP2 will not be a "forced security upgrade" either but also "simply an option".
...Will it break KaZaa?
Even people that believe in pre-destiny look both ways before crossing the street.
You have to bag on MS for this?
Ok, imagine this alternate Slashdot headline:
MS sales buries secure XP
Itoldyouso writes - A leaked memo indicates that the Microsoft developers created a much more secure version of their flagship operating system. However, because it would have caused problems with a small number of applications that were designed insecurely, the Sales & Marketing teams vetoed the new secure version, in an attempt to avoid a customer backlash. It is now official - Microsoft's commitment to trustworthy computing is a complete joke.
I have a feeling that post would rile a lot more people here.
Wrong. Get your facts straight.
Bit 43 of the x86 segment descriptor table specifies whether a memory segment is executable.
Attempting to assign CS to a nonexecutable (read/write data) segment, i.e. attempting to execute code in a segment not specifically marked as executable, generates an exception. (See also this presentation for an overview of this and many other x86 security features, most of which are, admittedly, ignored by both Windows and Linux.)
And, by the way, this feature has been around since protected mode was introduced on the 80386. That was in 1985, almost 20 years ago.
It's hard for thee to kick against the pricks.
NX bit may not be a panacea, but it's still very useful. There's a reason OpenBSD is trying to support it. Is it supported in Linux yet? And if not, why not? "Don't allow this to execute" is a basic permission, like read-only, that should have been in the VM system from day 1 -- and I think it was, in many other architectures.
/. if MS didn't release this.
And yes, I do think you'd find a shitstorm on
The enemies of Democracy are
In similar news, I've begun upgrading computers at work to OS X 10.3 and found things like AppleScripts I have made suddenly don't work anymore. WTF!? And various other installers (presumably using AppleScript) don't function either.
I'm all about progress and out with the old but ditching last year's technology is a bit quick.
No sig for you. YOU GET NO SIG!
The address still says slashdot.org, but there is approval of something Microsoft has done...
"There is nothing wrong with your browser. Do not adjust the site. WE control the comments, we control the moderators...."
Not unless they backport all security fixes to XP SP1
Yeah, I agree, that would be quite unreasonable to expect Microsoft to not release this service pack. I hope it is apparent in my post that I don't think MS should shut this SP out; I just think it'll cause a lot of headaches, and I really hope they have an option to turn it off! (I.e. turn off the new security protections).
Some stupid developers (including Canada Customs & Revenue Agency's contractor who did the "tables on disk") put their data files in the "Program Files" subtree, and don't set any acls to allow anyone other than admin access.
One method I've used to get around this is logging in as a normal user, watching for what files it can't write, logging in as admin, setting the acls (with "cacls") to allow access to that file, log in as normal user again, run the program again, etc.
Sure, it's slow, but some programs you just need (like TOD), while others really should say "must be run as admin" on the box so we know to avoid them (like Quicken).
Interestingly, Tables on Disk (which is used to calculate payrol deductions) is a java program, but is only provided as windows & mac self-extracting installer. If they provided a zipped version, we wouldn't need any closed-source OS machines where I work.
seems like a great way to give people a longhorn
Electronic Music Made Using Linux http://soundcloud.com/polyp
Frankly I can't see why anybody is whining over this, unless it's the instinctive MS bashing of Slashdot.
They are adding a security feature that will improve the overall security of the operating system at the cost of breaking older, insecure, applications. This is done everywhere and for some odd reason it's usually considered a good thing.
I am looking forward to this, any my question is only when this kind of features can be implemented in linux to improve the security here too... (Or is it perhaps in there allready?)
My Norton Internet Security currently interferes with my Visual Studio .NET remote debugging. So I can disable it while debugging or I can configure NIS to track when the program is running and let it use those ports.
.Net Framework. The new memory protection features in SP2 require developers of certain applications to mark their code with memory execution permissions. If they don't, the protection features could interfere with the application, according to Microsoft.
.Net Framework is one," Goodhew said. "
.NET like we told you, you won't be affected. (But .NET apps are going to have to be modified to switch on memory protection)
.NET. (Which, last I checked, was the only way to make .NET objects that run on Windows). Without that flag turned on, the .NET object is marked UNSECURE.
.NET into the programming paradigm and making Microsoft Programming Languages THE programming languages. (Programmer mindshare... if you're busy keeping up with Microsoft, you're not programming for something else or making reusable code to port to other platforms.)
Now MS says, with their new firewall, I don't *have* that option? Now anybody who wants to write an app to use a port must first notify MS that it wants to use that port.
Doesn't this mean that malicious programs will just quietly open up firewall ports on their own without notifying the user?
Secondly, what does this mean:
"Another product that Microsoft needs to update is the
"The great bulk of applications will not be affected by memory protection. The number one that leaps to mind is execution environments with just-in-time code generation. The
Translation:
Mostly only unmanaged C++ programmers will be affected by these security changes. If you had just programmed the Microsoft way to begin with and used
Memory protection only occurs on NEW processors. The vast majority of the world runs Windows on NON-SECURE processors.
Stranger still, Microsoft has had buffer overrun checking BUILT IN to Visual Studio
Lastly, Microsoft's greatest security problems are not buffer overruns or firewall holes. They're AUTOMATIC ACTIVEX control installation from malicious pop ups to install spyware. They're wide open access to the email address box and a by-default scripting system that allows malicious emails to respawn themselves. They're bugs in the Internet Explorer control that allow malicious URL's.
NONE of these "security innovations" even take a crack at stopping those!
What DO these security innovations do?
Destroy a previously lucrative software market for antivirus tools.
Take the firewall OUT OF THE CONTROL of the user and put it firmly inside the OS to determine what's good for you. (Remember DRM? Isn't it interesting that the main thing broken from this portion of the update are peer-to-peer apps and FTP sharing?)
Further entrench
I'm all for security, and now these boxes will be secure... But no moreso than the typical user installation out there today that uses a third party antivirus/firewall solution and keeps their system up to date with the latest patches.
This is about as effective at what MS did with Outlook XP and *by default* turning off the ability to get attachments out of your email. You had to setup a profile configuration OR edit your registry settings to get that feature back.
Y'know, there comes a point where you have to say, I can ride my bicycle without training wheels.
I understand that MS is fighting a bad PR image. But if this is how Microsoft "innovates"... Well, might as well just have lightweight users use Macs (which will hold their hands) and pro users/developers can use Linux.
Finially, they're biting the bullet and doing the right thing. A sensibly configured default firewall - it's one of the things they should've been doing for years. The memory protection is also interesting - and probably a good move, so long as developers don't start using it as a crutch.
Now, if we see built-in virus protection, tainting or sandboxing of executable code recieved by email, proper MIME handling, and flagging of double extensions, AND AUTOMATIC UPDATES THAT ARE ON BY DEFAULT, it'll be mostly there.
Even forcing users to take an extra step (like the 'chmod u+x' required on *NIX) to make emailed and downloaded files executable would help a _lot_. Sure, viri would just start saying "click properties, then tick 'executable'" in the messages; but it'd stop a lot of the worst offenders from viewing things without thinking.
"Microsoft service pack breaks applications." This is certainly nothing new. Microsoft service packs have had a history of breaking applications. So the real issue here is Microsoft taking more consideration for applications. I mean, for there to be a history of application breaking with service packs, one would think that Microsoft would have done something to help prevent future problems.
Or you could just sit and blame Microsoft for your inability to read their supplied documentation pandering to a community that is as inept and continue to use the product without a clue as to how it works.
some of us don't have the luxury of changing a distro as often as we change our shorts
What about changing our shorts as often as we switch distros?
My English teacher once told me that two positives don't make a negative. Two words for her: Yeah, right.
As anybody that has been running the beta of SP2 probably knows, this incredible application-breaking feature is ******OPTIONAL******* and can be ****TURNED OFF IF IT PRODUCES PROBLEMS****.
Furthermore, it doesn't even work in non-Opteron processors.
I mean, people are acting like upgrading to SP2 is going to suddenly destroy their ability to use applications when this option isn't even on by default.
Certainly you people aren't this ignorant, are you?
Quoting from the article linked below:
Starting with Windows XP Service Pack 2, on processors which support it (according to the web page, currently AMD K8, Itanium, and AMD64), the stack and heap will not be executable. If you try to execute the stack or the heap, an exception will be raised and the code will not execute. In other words, execute page protection will soon be enforced, now that processors exist that support it. (Actually, I believe Windows XP for Itanium already used this new protection level, so those of you who have been playing around with your Itanium may have seen this already.)
If you were a good developer and followed the rules on page protections, then this has no effect on you. But if you cheated the rules and took advantage of specific hardware implementation details, you may find yourself in trouble. Consider yourselves warned.
posted on Tuesday, November 04, 2003 3:38 AM
http://weblogs.asp.net/oldnewthing/archive/2003/11 /04/55560.aspx
Sure, but nobody uses segmented memory anymore... All modern OSes (Windows 2K, Linux, BSD, Solaris... ) use paged memory. So my point is still valid.
Nobox: Only simple products.
My guess would be probably not. And yes, although I'm a cynic, the reason I say this has nothing to do with the DoJ possibly letting it slide.
If I recall correctly, most of the original slap against Microsoft with regards to Java, was that they played dirty. In this case, Microsoft actually isn't playing dirty (from what I see thus far), they're giving out the information (at what monetary cost, I don't know) to application developers on how to prepare their applications for the new Service Pack.
Therefore, Sun doesn't really have any grounds to take them to court. As long as Microsoft publically announces what they're doing, and makes the information to the application developers, then it is Sun's responsibility to make Java work with Service Pack 2.
Personally, I think it's in Microsoft's best interest to not do work-arounds for any applications, but rather just publish the information, and give the application vendors some time to prepare the fixes. At least in that way, Microsoft can be seen as being neutral, and not playing favorites. If application "foobar" doesn't work under SP2, then at least Microsoft could say, "talk to the application vendor". Whether or not that would be a big blow against Microsoft, well, it's hard to say.
-- Joe
1) There are some obvious security problems with the OS and some applications. Obvious like allowing MSHTML in Outlook. Allowing MSHTML in anything with admin priveleges is bad.
2) Windows in a default installation leaves thing waiting to be maliciously altered. Most users don't need admin priveleges, so why give them to everyone? There are other examples (like no default passwords on user accounts - admin accounts).
3) MS doesn't like fixing things. They seem to avoid it. IE is the classic example. MS has the largest installed browser base, and IE is one of the worst browsers. They are just screwing their customers there. MS: Just buy out Opera and use that, please.
4) Windows and most (if not?) everything MS owned is closed source. So not only does /. not like it, but geeks can't have their special way with their computer. There are huge benefits to open source of course, besides our curiousity and fetish for improvement.
5) MS doesn't patch security concerns or general bugs, and then goes around and tells people they have extremely fast return on necessary patchs and that their focus is on security. Well nobody really believes that, so MS is talking to itself and paying people to say it back to them.
6) MS is a big, rich corporation who has tried to take over a few industries at least.
As of 1 week ago the internet explorer update Q832894 causes MSN 8.x and 9 to have an internal error on load. If MS can't even keep compatability with their own software what hope do third party vendors have.
The Good:
Microsoft needs to do some house cleaning of Windows, and this seems as if it really is a step in the right direction as far as fixing up some of the security problems.
The Bad:
Of course, this is Microsoft we're talking about. If Microsoft can get away with purposefully breaking third party applications and then making it seem like it is for "security" purposes, they will.
Naturally, one has to wonder what havoc this SP will cause with 3rd. party firewall and antivirus software. It is not hard to imagine Symantec and McAfee taking a huge loss in user base if SP2 breaks their software, and then Microsoft says, "Well, those apps weren't well written or else SP2 wouldn't have broken them. Fortunately firewall and antivirus are built into Windows now, so you can ditch that 3rd. party software."
And this also will not really do very much to stop the spread of viruses/worms/trojans and adware, at least not immediately. The reasons are:
1. Most home users never run Windows Update. MS can tout the new security features all they want, but most users will not have these features because they won't patch.
2. People will still find a way to purposefully click on email attachments. I've known people who can't get weird email attachments because their AV software blocks it, so they DISABLE their AV software to open it.
3. SP2 doesn't look like it will address IE/ActiveX control issues that Adware writers love to take advantage of.
And of course, Microsoft is still pushing their campaign to integrate everything and the kitchen sink into the OS. First it was IE, now it is media player that MS claims is a vital component of Windows. Next it will be firewall and antivirus. These improvements should be modular so that users who have an external firewall or prefer a 3rd. party solution can simply knock it out of their install.
"You spoony bard!" -Tellah
How would you bounds check with the compiler? That would be a determanistic operation to figure out if a number wraps around in that particular case (means the code has to be executed). It would still be up to the program to make sure the number wouldn't wrap around. So this would be more of runtime information to be tested and the programmer would have to tell it if he wants the wrap around behavior or not. I suppose he could use one of the Lisp languages whos numbers are not dependant on machine word size.
Reserved Word.
Fortunately, the uninstallation makes heavy use of system-restore points, and seems to leave no residue!
With SP2, I also had problems with Services for Unix 3.5, but this may have been unrelated...
"Flyin' in just a sweet place,
Never been known to fail..."
.NET was always targetted for developers anyway. Users won't need to know about .NET.
.NET is replacing Win32 itself. The reecent betas are already running explorer.exe as managed code. So, users won't need to install the .NET framework because it will be part of Windows itself.
In Longhorn,
Right now, it's just a development framework to get used to.
"Sufferin' succotash."
While the SWT is pretty, it eats 120 megs of memory on my machine and a significant amount of CPU. The old standard BT client (whatever it's called) is more like 15 megs and much lighter on the CPU.
Actually, at work recently we've had a bit of a shootout among various XML DOMs. Our C++ code runs about 4 times slower than (my) tighter C code. But the amazing thing is that some Java code, with a highly optimizing JVM, has beaten my C by about 50%. Of course, we aren't counting startup time, but still, that sucker is fast. We think it comes down to the JVM being optimized for the P4 while the best I can do with Microsoft Visual C++ is optimizing for the Pentium Pro.
No one uses segmentation, so the feature is useless. The paging model for x86 have not had the benefit of a non-execution flag. This was introduced by AMD in x86-64, but unfortunately not copied by Intel in ia32e
Hack hack hack hack, remove hack, hack a hack, hack hack hack...
Their code is SO CHOCK FULL OF HACKS to support older applications, and even hack to hack old hacks, that eventually the OS will crumble under its own weight.
The Apple transistion from OS 9 to OS X was VERY slick. Give old apps a Classic mode, and as apps get rewritten you use the new rewritten version in the main OS, and only dip into Classic mode for the old/unconverted apps. After a few years, get rid of the Classic mode and yay, millions of people easily converted from one generation OS to the next. Watching Apple move people from OS 9 to OS X was what caught my eye and made me think "This company has a fucking clue!" And once I saw 10.3, I bought a Powerbook. Too good to refuse.
With windows, it's still hack hack hack hack... I can't wait to be ENTERTAINED when Longhorn comes out. It's going to be a great laugh at that mess. And great for self employed geeks like me that work as consultants. MS makes a mess every couple of years, and that keeps us geeks paid cleaning up the mess.
The fix, as I see it: MS, IMO, should write Longhorn without ANY HACKS for old apps, and include with the OS a free copy of Virtual PC running Windows XP. Treat Virtual PC (which they now own) as Apple did with their Classic mode.
Of course, MS won't do this, and couldn't do it right if they tried, and at the end you still have a crappy OS full of security holes and a bad GUI. Oh well.
This would be how any firewall worth it's shit works. Nothing is permitted incomming by default, unless there is a rule specifying otherwise. Now, when your computer goes and establishes a connection outgoing to another computer, that is permitted by default (unless there is a rule specifying otherwise).
Question is, what happens when the data comes back? If your firewall just says "allow out, deny in" and simply evaluates each packet in a vaccuum, it would do no good. You could never establish communications since all inbound traffic would be dropped.
So, what firewalls do is keep track of connections. You send a request to a webserver, it replies. The firewall, because it's stateful, knows that the reply is a response to your request, and permits it through. However, it's for that connection only. If the same server trys to poke at you, it'll get denied, while still allowing traffic for the web connection through.
Thus a stateful firewall with two simple rules (allow out, deny in) can secure a desktop system pretty well. Anyone that pokes at the system will get nothing, but all requests that the user initiates will be allowed.
The Windows XP firewall is a pretty simple one. By default, it does just this. You can also, if you like, specify inbound ports that are to be permitted at all times. So if you run an FTP server, you can specify that port 21 be permitted. However, in it's default config, it works great for most users. It's how I configure Kerio Personal Firewall for people, barring special needs.
I mean, let's say that MS releases a new version of Windows that is totally incompatible with the old version. Nothing from the old version runs. What will happen? No one will buy it. It's not like the old version will stop working, they'll just keep using it.
Even WITH all the backward compatibility they have all hell getting people to upgrade. NT4 is now about 8 years old. What's more, Windows 2000 or XP are basically ideal replacements for it. They support everything NT4 did and more. Also, since they are just newer versions of the same architecture, you have almost 0 compatibility problems. In fact there are plenty of Windows 95/98 apps that wouldn't run in NT4 that run fine in 2k/XP. Finally, MS has discontinued support of NT4, what with it being 8 years old and succeded by 2 OSes.
So no one uses NT 4 any more, right? Wrong. There are still plenty of bussinesses that are dragging their feat and whining about MS cutting off support "so soon". Basically it comes down to money (they are too cheap to buy an upgrade) and the fact that it still works fine for them.
So it is highly in MS's intrest to keep their OSes backward compatible. They want that all a customer's apps will run in the current version, so there is basically no excuse (other than money) not to upgrade.
Also think about it: If MS totally broke compatibility with old versions, why not move to Linux? I mean either way you are talking needing all new apps, and Linux actually HAS some apps and is free.
No, I imagine they'll continue to support legacy software to the best of their ability.
Good idea, however, don't use virtualpc. vpc emulates the hardware, while something like vmware, relies on the existing hardware. This is why you can't run windows on vmware in mac, but you can run windos in vmware for linux(on an x86 box) vmware-style is less work, and will be faster...
O how i wish they would do this.
MS is far from perfect, but worrying constantly about reverse compatibility is one of the major reasons windows is so insecure IMO. Microsoft can't take any big leaps in security as long as they have to work around 5 years of hacks and tweaks to keep things working. Microsoft seems to be doing a good job of giving developers fair warning. Furthermore, Windows actually has an excellent method for rolling back service packs, so even if it does break that mission critical app you can roll back and wait for an update.